Citi Breach Exposes Card Data

Credit Eligible

Online Breach May Impact 200K Customers

June 9, 2011 - Tracy Kitten, Managing Editor

Print  Email  Save   Digg Delicious Reddit

Citigroup confirms that a breach of its online banking platform, Citi Account Online, may have exposed personally identifiable information about hundreds of thousands of Citi customers.

According to a statement, Citi recently discovered an unauthorized user had accessed its system. The discovery was made during routine monitoring, says Sean Kevelighan, head of communications and public affairs for Citigroup.

"A limited number - roughly 1 percent - of Citi North America bankcard customers' account information [such as name, account number and contact information, including e-mail address] was viewed," Kevelighan said. "The customer's Social Security number, date of birth, card expiration date and card security code [CVV] were not compromised. We are contacting customers whose information was impacted." Citi has approximately 21 million card customers.

Kevelighan also says Citi has implemented enhanced security procedures, "to prevent a recurrence of this type of event."

According to a news report in the Financial Times, Citi discovered the breach in early May.

Regulatory guidelines recommend banks notify their primary regulator, which for Citi is the Office of the Comptroller of the Currency, when sensitive customer data is compromised. Guidelines do not require banks to notify customers, especially if notifying customers might jeopardize breach investigations.

Not the First Breach for Citi?